Only Cronyism Prevents FCC from Following FTC Privacy Model

Activist groups pushing for heavy-handed, public utility-style Internet privacy regulations cry that FTC enforcement of Internet privacy – one which has guided the Internet’s development for ISPs and edge companies these past two decades – no longer works…

…for ISPs, that is.

For companies like Google and Facebook – the most dominant and inescapable data Hoovers on the Internet – FTC enforcement remains OK.

Hmmm.

Anyway, because the FCC now regulates ISPs as public utilities, ISPs have a statutory duty in Section 222 of the Communications Act to protect the Internet privacy of their customers. The activist groups believe this duty is so important that the Commission must quickly issue detailed rules to clamp down on the (minute) possibility that ISPs will somehow harm consumers and violate their privacy (by speaking to them with truthful, commercial communications). After all, they caterwaul, the FCC was given a mandate by Congress to do so.

Quite frankly, this is hooey.

Yes, it is true that as long as ISPs are regulated as public utilities they have a statutory duty to protect the privacy of customer information (something they have always done even before Net Neutrality). It is equally true that the Commission has the discretion to issue privacy rules (as it has in the past) if it so chooses. Importantly, however, Congress did not mandate such regulations.

We know this because when Congress wants the FCC to write a specific rule, it instructs the Agency to do so. For example, if you look at a nearby section of the law passed at the same time as Section 222 – e.g., Section 224, which regulates Pole Attachments – Congress specifically wrote that the Commission shall come up with “rule regulations to carry out the provisions of [the] section.”

A similar directive – which appears elsewhere in the Act for other statutory duties – is specifically missing in Section 222. Moreover, it is also absent in the ’96 Act’s Conference Agreement, which informs how and why Section 222 was created by Congress.

The upshot of this is that the Commission is not legally compelled to issue hyper-detailed privacy rules as it has proposed. Something far less but equally effective could do as long as the Agency comports its actions with the Act and properly reasons its resulting approach. The Commission has ample authority to accomplish the goals of Section 222 without having to split the Internet ecosystem into two essentially different privacy regimes – i.e., a strictly quarantined and siloed regime for ISPs; and a free-flowing agora for Google, Facebook and others. In short, the Agency can avoid this anti-consumer, anti-competition, anti-innovation result if it simply wanted to.

The solution proffered by the ISPs and market-based groups – i.e., that the FCC share, work with, or emulate the successful pre-Title II, FTC approach to protecting Internet privacy – could work. It certainly has these past 20 years. Nothing in the Act or law prevents that approach.

Nothing prevents it, that is, but Google and Facebook, and their crony demands that the Commission protect their growing data fiefdoms from ISP competition.